Related vulnerability
Title: Flowise security vulnerability (CVE-2025-8943) Description: Flowise is an open-source tool from FlowiseAI for easily building LLM applications. Flowise versions before 3.0.1 contain a security vulnerability: the default installation lacks authentication and role-based access control, which may allow execution of unsandboxed OS commands.
Description
CVE-2025-8943
Introduction
# 🔐 CVE-2025-8943 – Critical Remote Code Execution (RCE) Vulnerability in Flowise
---
## 📝 **Summary**
* 🚨 **Critical RCE vulnerability** in **Flowise / flowise-components**.
* 🧩 Caused by insecure implementation of **Custom MCPs** (Model Context Protocol servers).
* 🌐 Allows **unauthenticated remote attackers** to execute **arbitrary OS commands**.
* 🎯 CVSS: **9.8 / Critical**
* 🛠 Affected versions: **Flowise < 3.0.1** (some advisories list ≤3.0.5)
---
## 🧨 **What Makes It Dangerous?**
* 🌍 **Network exploitable** — attacker needs only access to the Flowise endpoint
* 🚫 **No authentication required**
* 🖥️ **OS-level command execution** (full control over server)
* 🔐 Weak or missing **authorization** and **authentication**
* 📦 Custom MCP feature executes commands using `npx`, making exploitation trivial
* 🎛 Impact:
  * **Confidentiality:** 🔥 High
  * **Integrity:** 🔥 High
  * **Availability:** 🔥 High
---
## 💥 **Technical Breakdown**
* 🧠 **Root cause:**
  Flowise lets users create custom MCP servers, and starting one runs unsandboxed OS commands on the host.
  Without proper auth, anyone can invoke these commands.
* 🧩 CWE categories involved:
  * ❌ **CWE-306:** Missing Authentication for Critical Function
  * ❌ **CWE-862:** Missing Authorization
  * ⚠️ **CWE-78:** OS Command Injection (underlying nature)
* 🎛 **CVSS Vector:**
  `AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H`
  → In plain English: **Worst-case scenario**.
---
## 🛠 **Affected Versions**
* 🚫 Vulnerable:
  * **Flowise < 3.0.1**
  * Some advisories say **≤ 3.0.5**
* ✅ Fixed in:
  * **3.0.1 and above**
---
## 🛡 **Mitigation Guide**
### ✔️ Immediate Actions (Do ASAP)
* ⬆️ **Upgrade Flowise to ≥ 3.0.1**
* 🔐 **Enable full authentication** (password + RBAC)
* 🔒 **Restrict public network exposure**
  * Use a VPN
  * IP allowlist
  * Private subnets only
### 🔧 Hardening Tips
* 📴 Disable **Custom MCPs** if not needed
* 🪪 Create strict roles & permissions
* 👀 Enable extended logging
* 🧹 Check for signs of compromise (backdoors, unknown processes, cron jobs)
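A defender-side check for the last item, added here as an example (not code from the Flowise project or the original README): it parses `ps -eo pid,ppid,args` output, finds the Flowise node process and lists every shell or `npx` process running beneath it, since that is how Custom MCP servers get launched. The Flowise command-line marker and the sample process listing are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Assumption: the Flowise server runs under node with "flowise" in its
# command line; adjust FLOWISE_MARKER to match your deployment.
FLOWISE_MARKER = "flowise"
# Shells and npx launched beneath Flowise match how Custom MCP servers are
# started, so each such descendant is listed for review.
SUSPECT = re.compile(r"(^|/)(npx|sh|bash|dash|zsh)(\s|$)")

# Constructed sample in `ps -eo pid,ppid,args` format, not a real capture.
SAMPLE_PS = """\
  PID  PPID ARGS
    1     0 /sbin/init
  812     1 node /usr/local/lib/node_modules/flowise/bin/run start
  845   812 /bin/sh -c npx -y @example/mcp-server
  846   845 node /usr/local/bin/npx -y @example/mcp-server
  900     1 /usr/sbin/cron
  910   812 node /app/worker.js
"""

def parse_ps(text):
    """Parse `ps -eo pid,ppid,args` output into {pid: (ppid, args)}."""
    procs = {}
    for line in text.strip().splitlines()[1:]:  # skip the header row
        pid, ppid, args = line.split(None, 2)
        procs[int(pid)] = (int(ppid), args)
    return procs

def find_suspect_children(procs):
    """Return (flowise_pid, pid, args) for shell/npx descendants of Flowise."""
    children = defaultdict(list)
    for pid, (ppid, _) in procs.items():
        children[ppid].append(pid)
    roots = [pid for pid, (_, args) in procs.items()
             if args.startswith("node") and FLOWISE_MARKER in args]
    findings = []
    for root in roots:
        stack = list(children[root])
        while stack:  # depth-first walk of the whole Flowise subtree
            pid = stack.pop()
            args = procs[pid][1]
            if SUSPECT.search(args):
                findings.append((root, pid, args))
            stack.extend(children[pid])
    return sorted(findings)

def scan_sample():
    return find_suspect_children(parse_ps(SAMPLE_PS))
```

On a live host, feed the real `ps -eo pid,ppid,args` output to `parse_ps` and review every finding against the MCP servers you actually configured.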
---
## 📡 **Exploitation Risk**
* 🚀 Very likely to be exploited in the wild due to:
  * No auth required
  * OS command execution
  * Public research & advisories available
  * Flowise is rising in popularity
* 🕵️ Attackers may attempt:
  * Malware deployment
  * Crypto-mining
  * Botnet enrollment
  * Lateral movement inside networks
  * Full data exfiltration
---
## 📚 **Reference Sources**
(*All are official + trustworthy*)
📌 NVD – National Vulnerability Database
📌 GitHub Advisory GHSA-2vv2-3x8x-4gv7
📌 Snyk Security Advisory
📌 JFrog / CIRCL-LU
📌 Wiz Research
---
File snapshot
[4.0K] /data/pocs/50731ed88c6182ca031fdf6868d0cb87c40aa6ba
└── [2.8K] README.md
1 directory, 1 file
Notes
1. It is recommended to access the PoC through its source first.
2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.